These organizations are particularly helpful if you experience a break-in
or any kind of security incident at your site. They are also sources of
useful general information about Internet security and incident
response.

The CERT Coordination Center is the organization
that grew from the computer emergency response team formed by the
Defense Advanced Research Projects Agency (DARPA)
in November 1988 in response to the needs exhibited during the
Internet worm incident. The CERT-CC charter is to
work with the Internet community to facilitate its response to
computer security events involving Internet hosts; to take proactive
steps to raise the community's awareness of computer security issues;
and to conduct research targeted at improving the security of existing
systems.

CERT-CC products and services include 24-hour
technical assistance for responding to computer security incidents,
product vulnerability assistance, technical documents, and seminars.
In addition, the team maintains a number of mailing lists (including
one for CERT-CC advisories) and provides an
anonymous FTP server:
info.cert.org, where security-related documents,
past CERT-CC advisories, and tools are archived.

The CERT-CC FAQ, and other information about
CERT-CC are available
from info.cert.org via anonymous
FTP.

This coalition, the Forum of Incident Response and Security Teams
(FIRST), brings together a variety of computer
security incident response teams from government, commercial, and
academic organizations. FIRST aims to foster
cooperation and coordination in incident prevention, to prompt rapid
reaction to incidents, and to promote information sharing among
members and the community at large. Currently FIRST
has more than 40 members.

If you're not sure if you are served by an incident response team,
contact FIRST; they can probably tell you. You can
contact FIRST:

From the U.S. National Institute of Standards and
Technology CSRC WWW page:

You are currently accessing the NIST Computer
Security Resource Clearinghouse. The Clearinghouse is a National
Performance Review (NPR) action. The Clearinghouse
project at NIST is on-going; its goals are to

Unify computer security-related information

Ensure the information is complete and accurate

Make the information easily searchable and convenient to obtain

Keep the information current

Make the Clearinghouse self-documenting; a model for how to do it

The main focus is on crisis response information; information on
computer security-related threats, vulnerabilities, and solutions. At
the same time, the Clearinghouse strives to be a general index to
computer security information on a broad variety of subjects, including
general risks, privacy, legal issues, viruses, assurance, policy, and
training.

Since 1975 the USENIX Association has brought
together the community of engineers, scientists, and technicians
working on the cutting edge of the computing world. The
USENIX Conferences and Technical Workshops have
become the essential meeting grounds for the presentation and
discussion of the most advanced information on the developments of all
aspects of computing systems.

USENIX and its members are dedicated to:

problem-solving with a practical bias

Fostering innovation and research that works

Communicating rapidly the results of both research and innovation

Providing a neutral forum for the exercise of critical thought and the
airing of technical issues

USENIX serves its members and supports professional
and technical development through a variety of on-going activities,
including:

Annual technical conference.

Frequent specific-topic conferences and symposia.

A highly regarded tutorial program covering a wide range of topics,
introductory through advanced.

Numerous publications, including a book series, in cooperation with
The MIT Press, on advanced computing systems;
proceedings from USENIX symposia and conferences;
the quarterly journal Computing Systems; and the
biweekly newsletter.

Participation in various ANSI, IEEE and
ISO standards efforts.

Sponsorship of local and special technical groups relevant to the
UNIX environment. The chartering of the System
Administrators Guild as a Special Technical Group within
USENIX is the most recent.

comp.org.usenix, the association's newsgroup.

USENIX sponsors a variety of conferences and
symposia, many of which are related to or touch on network and system
security. The proceedings of past events are also available. You can
contact USENIX:

SAGE stands for the Systems Administrators Guild
(don't ask what happened to the E). It is a subgroup of the USENIX
Association. SAGE is devoted to the Advancement of System
Administration as a distinct profession, within the realm of computer
science but with similarities to facilities management and other
service industries.

SAGE answers the widely felt need for an
organization dedicated to advancing the profession of systems
administration. SAGE brings together system administrators to:

Recruit talented individuals to the profession

Share technical problems and solutions

Establish standards of professional excellence while providing
recognition for those who attain them

Promote work that advances the state-of-the-art or propagates
knowledge of good practice in the profession

SAGE cosponsors the annual LISA
and SANS conferences. For more information about
SAGE, contact the USENIX office: